DEBIAN-CVE-2024-50142
In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf7908950a ("xfrm: Validate address prefix lengths in the xfrm selector.") syzbot created an SA with usersa.sel.family = AF_UNSPEC usersa.sel.prefixlen_s = 128 usersa.family = AF_INET Because of the AF_UNSPEC selector, verify_newsa_info doesn't put limits on prefixlen_{s,d}. But then copy_from_user_state sets x->sel.family to usersa.family (AF_INET). Do the same conversion in verify_newsa_info before validating prefixlen_{s,d}, since that's how prefixlen is going to be used later on.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | linux | 6.1.99-1, 6.1.69-1, 0 |
| Debian:11 | linux | 5.10.162-1, 5.10.221-1, 5.10.223-1 |
| Debian:14 | linux | 0, 0 |
| Debian:13 | linux | 0, 0 |
| Debian:11 | linux-6.1 | 6.1.106-3, 6.1.112-1, * |
Exploit Intelligence
- USN-7389-1.json (github-poc)
Timeline
- Nov 7, 2024 CVE Published
- Apr 28, 2026 CVE Updated